Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2004:045
HistoryFeb 09, 2004 - 12:00 a.m.

(RHSA-2004:045) gaim security update

2004-02-0900:00:00
access.redhat.com
11

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.241 Low

EPSS

Percentile

96.1%

JSON

Gaim is an instant messenger client that can handle multiple protocols.

Stefan Esser audited the Gaim source code and found a number of bugs that
have security implications. Many of these bugs do not affect the version
of Gaim distributed with version 2.1 of Red Hat Enterprise Linux.

A buffer overflow exists in the HTTP Proxy connect code. If Gaim is
configured to use an HTTP proxy for connecting to a server, a malicious
HTTP proxy could run arbitrary code as the user running Gaim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0006 to this issue.

An integer overflow in Gaim 0.74 and earlier, when allocating memory for a
directIM packet for AIM/Oscar, results in heap overflow. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0008 to this issue.

Users of Gaim should upgrade to these erratum packages, which contain
a backported security patch correcting this issue.

Red Hat would like to thank Steffan Esser for finding and reporting these
issues and Jacques A. Vidrine for providing initial patches.

OSVersionArchitecturePackageVersionFilename
RedHatanyi386gaim< 0.59.1-0.2.2gaim-0.59.1-0.2.2.i386.rpm
RedHatanyia64gaim< 0.59.1-0.2.2gaim-0.59.1-0.2.2.ia64.rpm

Related

nessus 6
redhat 1
openvas 6
debian 2
securityvulns 1
osv 1
freebsd 1
cert 7
cve 2
ubuntucve 1
suse 1
nessus
nessus
RHEL 2.1 : gaim (RHSA-2004:045)
2004-07-06 00:00:00
Mandrake Linux Security Advisory : gaim (MDKSA-2004:006-1)
2004-07-31 00:00:00
RHEL 3 : gaim (RHSA-2004:033)
2004-07-06 00:00:00
redhat
redhat
(RHSA-2004:033) gaim security update
2004-01-26 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-434)
2008-01-17 00:00:00
Debian Security Advisory DSA 434-1 (gaim)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200401-04 (GAIM)
2008-09-24 00:00:00
debian
debian
[SECURITY] [DSA 434-1] New gaim packages fix several vulnerabilities
2004-02-05 14:06:18
[SECURITY] [DSA 434-1] New gaim packages fix several vulnerabilities
2004-02-05 14:06:18
securityvulns
securityvulns
Advisory 01/2004: 12 x Gaim remote overflows
2004-01-26 00:00:00
osv
osv
gaim - several vulnerabilities
2004-02-05 00:00:00
freebsd
freebsd
Several remotely exploitable buffer overflows in gaim
2004-01-26 00:00:00
cert
cert
Gaim fails to properly validate the "name" parameter in the Yahoo login webpage
2004-05-06 00:00:00
Gaim contains a buffer overflow vulnerability in the gaim_url_parse() function
2004-05-06 00:00:00
Gaim contains an integer overflow vulnerability when parsing DirectIM packets
2004-05-10 00:00:00
cve
cve
CVE-2004-0008
2004-03-03 05:00:00
CVE-2004-0006
2004-03-03 05:00:00
ubuntucve
ubuntucve
CVE-2004-0006
2004-03-03 00:00:00
suse
suse
remote system compromise in gaim
2004-01-29 12:56:32

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.241 Low

EPSS

Percentile

96.1%

JSON
Related for RHSA-2004:045
nessus6redhat1openvas6debian2securityvulns1osv1freebsd1cert7cve2ubuntucve1suse1